Switching & STP (Spanning Tree Protocol)
Switches use ASIC (application-specific integrated circuit) chips to build and
maintain a filter table. They are faster than routers because they don’t spend time
looking at the network layer header information. Instead, they look at the frame’s
hardware address before deciding to flood, forward, or drop the frame.
A switch creates a private, dedicated collision domain and provides independent
bandwidth on each port.
Switch Functions at Layer 2:
1. Address Learning: The switch learns the MAC address from the source hardware
address of each frame received on an interface and builds a MAC database called the
forward/filter table.
2. Forward/Filter Decision: When a frame is received, the switch looks up its MAC
database and decides whether to forward, flood, or drop the frame.
3. Loop Avoidance: Multiple connections between switches for redundancy can cause
network loops. STP (Spanning Tree Protocol) is used to stop network loops while still
providing redundancy.
Port Security: Port security allows an administrator to stop someone from simply plugging a host into one of
your switch ports.
Switch#conf t
Switch(Config)# int fa0/1
Switch(config-if)# switchport mode access -- This changes the mode from desirable to access.
Switch(config-if)# switchport port-security -- This enables port security.
Switch(config-if)# switchport port-security ?
  Aging -- Port security aging commands
  Mac-address -- Secure MAC address
  Maximum -- Max secure addresses
  Violation -- Security violation mode
    - Protect -- Drops packets with unknown source addresses until you remove enough secure addresses to drop
      below the maximum value.
    - Restrict -- Similar to protect, and in addition causes the security violation counter to increment.
    - Shutdown -- Puts the interface into the err-disabled state and sends an SNMP trap notification.
By default, all ports on the switch are in desirable mode. We have to change from desirable mode to
access mode or we cannot configure port security.
If you want to allow one host per port and shut the port down if this rule is violated, use:
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
The sticky command configures dynamically learned addresses as sticky.
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation shutdown
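The three violation modes and sticky learning described above, modelled on a constructed sequence of frames. This is an added example, not code from the original notes; the class, its field names and the sample MAC addresses are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled.

    Names are hypothetical; the behaviour follows the protect / restrict /
    shutdown descriptions in the notes.
    """
    maximum: int = 1
    violation: str = "shutdown"          # "protect", "restrict" or "shutdown"
    sticky: bool = False
    secure_macs: list = field(default_factory=list)
    sticky_config: list = field(default_factory=list)
    violation_count: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Process one frame and return what the port does with it."""
        if self.err_disabled:
            return "dropped: port is err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            # Room left under the maximum: learn the address dynamically.
            self.secure_macs.append(src_mac)
            if self.sticky:
                # Sticky addresses are written into the running config.
                self.sticky_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded: address learned"
        # Unknown source address while the table is full: a violation.
        if self.violation == "protect":
            return "dropped"
        self.violation_count += 1
        if self.violation == "restrict":
            return "dropped: violation counted"
        self.err_disabled = True
        return "dropped: port err-disabled"

    def shut_no_shut(self) -> None:
        """Manual recovery; dynamically learned (non-sticky) addresses are lost."""
        self.err_disabled = False
        if not self.sticky:
            self.secure_macs.clear()


# Constructed traffic: the legitimate host, then a second host on the same port.
FRAMES = ["0000.1111.aaaa", "0000.1111.aaaa", "0000.2222.bbbb", "0000.1111.aaaa"]


def replay(port, frames=FRAMES):
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(maximum=1, violation=mode)
        print(mode, replay(port), "violations:", port.violation_count)
```

Only shutdown mode stops the legitimate host as well, which is why it needs a manual shutdown / no shutdown to recover.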
Loop Avoidance :
Spanning Tree Protocol [STP]: STP is a link management protocol designed to support
redundant links; its main task is to stop network loops from occurring on layer 2
networks. It uses the spanning tree algorithm (STA) [exchanges BPDUs] to first create a
topology database and then search out and disable redundant links.
DEC (renamed to Compaq) created the original version of STP. IEEE created its own version
called 802.1D and Cisco 802.1w. Over time STP became legacy and RSTP (Rapid
Spanning Tree Protocol) took its place. By default, STP is enabled on all Cisco
switches.
Versions of STP
Standard            Description                                       Abbreviation
IEEE 802.1D         Loop prevention                                   STP
                    Auto-reconfig of tree in case of any changes
                    Slow convergence (up to 50 bps)
IEEE 802.1w         Rapid Spanning Tree Protocol                      RSTP
                    • Improved STP with faster convergence
                    • Backward compatible with STP
IEEE 802.1Q         Virtual LAN                                       CST
                    Defining 1 common spanning tree for all VLANs
Cisco Proprietary   Per VLAN Spanning Tree                            PVRST+ or R-PVST+
                    • 1 STP instance per VLAN
                    • PVST+ is an improved variant of PVST
IEEE 802.1s         Multiple Spanning Tree protocol                   MSTP or MI STP
                    Multiple instances of VLAN mapped to 1 STP.
Spanning Tree Terms:
Root Bridge (RB) – The bridge that offers an interconnection point for all segments; a focal
point in the network. All decisions in the network, such as which ports are blocked or forwarding,
are made from the perspective of the root bridge. STP automatically selects the root bridge.
Bridge ID – The Bridge ID is how STP keeps track of all switches in the network. It is determined by
the combination of bridge priority and the base MAC address. The bridge with the lowest Bridge
ID becomes the root bridge in the network.
Nonroot Bridges (NRB) – All the bridges that are not the root bridge. NRBs
exchange BPDUs with all bridges and update the STP topology database on all
switches, preventing loops and providing a measure of defense against link failure.
BPDU (Bridge Protocol Data Unit) – STP network devices exchange messages to
help form a loop-free logical topology. These messages are called BPDUs. BPDUs are
forwarded out all ports every 2 seconds to a dedicated multicast address,
0180.c200.0000. They help switches do the following:
a. A root bridge (switch) is elected.
b. Root Ports are identified.
c. Designated Ports are identified.
d. The non-designated ports are blocked, to eliminate loops.
Timer Defaults
Hello           2 seconds
MaxAge          10*Hello (20 seconds)
Forward Delay   15 seconds
Root Port (RP) – The root port is always the link directly connected to the root bridge;
the best port to reach the Root Bridge.
Designated Port (DP) – Each LAN segment has 1 DP. The Designated Port is a non-root port
that is permitted to forward traffic, with the best route to the Root Bridge on a link.
NonDesignated Port (NDP) – The ports left over after the RP and DP have been
determined. NDPs are put in blocking mode; they are not forwarding ports.
Forwarding Port (FP) – A forwarding port forwards frames and can be a root port or a
designated port.
Blocked Port (BP) – A blocked port is a port that, in order to prevent loops, will not
forward frames. However, a blocked port always listens to BPDU frames but drops
any and all other frames.
Port ID – The Port ID helps you decide the root port.
Port Cost (PC) – Port cost determines the best path when multiple links are used
between two switches. The cost of a link is determined by the bandwidth of the link.
Speed       STP Cost
10 Mbps     100
100 Mbps    19
1 Gbps      4
10 Gbps     2
Electing an STP Root Bridge
The first step in the STP convergence process is electing a root bridge. The Root Bridge is elected based on
its Bridge ID, which consists of a 2-byte [16-bit (4-bit Bridge priority and 12-bit Extended ID or
VLAN ID)] Bridge Priority and a 6-byte (48-bit) MAC address. The default priority is 32,768 and
the lowest priority wins.
If there is a tie in priority, the lowest MAC address is used as a tie-breaker.
Switch#sh spanning-tree
Switches exchange BPDUs to perform the election process, and the lowest Bridge ID
determines the Root Bridge.
1. SA, SB, and SC have the default priority 32,769 (32,768 + default VLAN).
2. SA has the lowest MAC address and will be elected the Root Switch (Bridge).
By default, every switch believes it is the Root Bridge until it receives a BPDU
from a switch with a lower bridge ID, referred to as a superior BPDU. The election process is
continuous. All ports on the root bridge are designated ports (Forwarding state).
Identifying Root Ports
The second step in the STP convergence process is to identify Root Ports. The root port of
each switch has the lowest root path cost to get to the Root Bridge (switch).
Each switch can have only one root port pointing to the Root Bridge. Path cost is the cumulative
cost to the Root Bridge. The higher the bandwidth, the lower the path cost.
In the previous diagram, Switch A has a cumulative path cost of 0 because it is the Root
Bridge. Thus, when Switch A sends out BPDUs, it advertises a root path cost of 0. Switch B's
direct link to Switch A has a path cost of 4 (4+0) and thus becomes its Root Port, as the second
path via Switch C has a path cost of 8 (4+4).
Path cost can be adjusted on a per-port basis.
Switch(config)#int fa0/12
Switch(config-if)#spanning-tree vlan 1 cost 24
Identifying Designated Ports
The third step in the STP convergence process is to identify designated ports. The designated
port is determined by the lowest cumulative path cost leading to the root bridge. The switch
with the highest path cost will have its port blocked.
If the cumulative path cost is a tie, the lowest Bridge ID (i.e. priority) is chosen. If
there is a tie in priority, the lowest MAC address is used as the tie-breaker.
If two ports are eligible to become the designated port, then there is a loop. One of the
ports will be placed in the blocking state. Ports across from a Root Port are always designated
ports.
Any port not elected as a root or designated port will be placed in a blocking state. A
port can never be both a designated port and a root port. Ports on the Root Bridge
are never placed in a blocking state; they are always designated ports (Forwarding
state).
Port ID
When electing root ports and designated ports, it is possible to have a tie in both path cost and Bridge ID.
Normally, the lowest Bridge ID is used as the tie-breaker.
The Port ID is a 4-bit port priority and a 12-bit port number (derived from the physical port number). By default,
the port priority of an interface is 128, and a lower priority is preferred. If there is a tie, the lowest port
number is preferred.
The Port ID is the last tie-breaker STP will consider. STP determines root and designated ports using the following
criteria:
a. Lowest path cost to the Root Bridge
b. Lowest Bridge ID
c. Lowest neighbor Port ID [used when redundant links exist and STP must choose between DP and RP]
The port number is a fixed value, but port priority can be changed on a per-interface basis:
Switch(config)# int gi2/11
Switch(config-if)# spanning-tree vlan 101 port-priority 32
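The three convergence steps and the tie-breaker order above, worked through for the SA/SB/SC triangle with 1 Gbps links (cost 4). This is an added example, not code from the original notes; the function name, the MAC addresses and the port numbers are constructed, and every switch is assumed to be reachable from the root.

```python
INF = float("inf")


def stp_roles(bridges, links, port_priority=None):
    """Compute STP port roles for one VLAN (hypothetical helper).

    bridges:       {name: (priority, mac)}              -> the Bridge ID
    links:         [(sw_a, port_a, sw_b, port_b, cost)]
    port_priority: {(switch, port): priority}, default 128
    Returns (root_bridge, {(switch, port): role}).
    """
    port_priority = port_priority or {}

    def port_id(sw, port):
        return (port_priority.get((sw, port), 128), port)

    # Step 1: the lowest Bridge ID (priority, then MAC) becomes the root.
    root = min(bridges, key=lambda name: bridges[name])

    # Cumulative root path cost of every switch (the root advertises 0).
    cost = {name: (0 if name == root else INF) for name in bridges}
    for _ in bridges:
        for a, _pa, b, _pb, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)

    # Step 2: one root port per non-root switch, chosen by lowest path cost,
    # then lowest neighbour Bridge ID, then lowest neighbour Port ID.
    root_port = {}
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for a, pa, b, pb, c in links:
            for me, my_port, nb, nb_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == sw:
                    candidates.append((cost[nb] + c, bridges[nb],
                                       port_id(nb, nb_port), my_port))
        root_port[sw] = min(candidates)[-1]

    # Step 3: one designated port per segment; whatever is left is blocked.
    roles = {}
    for a, pa, b, pb, _c in links:
        ends = [(a, pa), (b, pb)]
        designated = min(
            ends, key=lambda e: (cost[e[0]], bridges[e[0]], port_id(*e)))
        for end in ends:
            if end == designated:
                roles[end] = "designated"
            elif root_port.get(end[0]) == end[1]:
                roles[end] = "root"
            else:
                roles[end] = "blocked"
    return root, roles


# Constructed topology: all three switches keep the default priority 32,769.
TRIANGLE_BRIDGES = {
    "SA": (32769, "0011.1111.1111"),
    "SB": (32769, "0022.2222.2222"),
    "SC": (32769, "0033.3333.3333"),
}
TRIANGLE_LINKS = [
    ("SA", 1, "SB", 1, 4),
    ("SA", 2, "SC", 1, 4),
    ("SB", 2, "SC", 2, 4),
]

if __name__ == "__main__":
    root, roles = stp_roles(TRIANGLE_BRIDGES, TRIANGLE_LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```

On the SB-SC segment both switches have a root path cost of 4, so SB's lower Bridge ID makes its port designated and SC's port is the one that blocks.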
Extended System IDs
IEEE 802.1t altered the Bridge ID to include an extended system ID to overcome the
scalability issue. The Bridge ID remains 64 bits but now consists of 3 components:
a. 4-bit Bridge Priority
b. 12-bit System or VLAN ID
c. 48-bit MAC address
With extended system IDs, the new priority range is 0 to 61,440; the priority must
be a multiple of 4096, and the default is still 32,768.
Extended system IDs are enabled by default and cannot be disabled if a switch
platform does not support 1024 system MAC addresses. Extended system IDs
increase the number of supported VLANs in the STP topology from 1005 to 4094.
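The 64-bit Bridge ID layout described above, packed and unpacked so the 32,768 + VLAN arithmetic and the superior-BPDU comparison can be checked on captured values. This is an added example, not code from the original notes; the function names and MAC addresses are constructed.

```python
import struct


def encode_bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Pack a Bridge ID: 4-bit priority, 12-bit VLAN ID, 48-bit MAC address."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan <= 4095:
        raise ValueError("the extended system ID is a 12-bit field")
    mac_bytes = bytes.fromhex(mac.replace(".", "").replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    # The priority only occupies the top 4 bits, so OR-ing in the VLAN ID
    # is the same as adding it: 32768 | 1 == 32769.
    return struct.pack("!H", priority | vlan) + mac_bytes


def decode_bridge_id(raw: bytes) -> dict:
    """Split an 8-byte Bridge ID back into its three components."""
    if len(raw) != 8:
        raise ValueError("a Bridge ID is exactly 8 bytes")
    (first16,) = struct.unpack("!H", raw[:2])
    digits = raw[2:].hex()
    return {
        "priority": first16 & 0xF000,        # configured value, multiple of 4096
        "vlan": first16 & 0x0FFF,            # extended system ID
        "shown_priority": first16,           # priority + VLAN, e.g. 32769
        "mac": ".".join(digits[i:i + 4] for i in (0, 4, 8)),
    }


def is_superior(received: bytes, current_root: bytes) -> bool:
    """A BPDU is superior when it carries a numerically lower Bridge ID.

    Equal-length big-endian byte strings compare the same way as the numbers.
    """
    return received < current_root


def elect_root(bridge_ids: dict) -> str:
    """Return the name of the switch with the lowest Bridge ID."""
    return min(bridge_ids, key=bridge_ids.get)


# Constructed sample: three switches with the default priority on VLAN 1.
DEFAULT_IDS = {
    "SA": encode_bridge_id(32768, 1, "0011.1111.1111"),
    "SB": encode_bridge_id(32768, 1, "0022.2222.2222"),
    "SC": encode_bridge_id(32768, 1, "0033.3333.3333"),
}

if __name__ == "__main__":
    print(decode_bridge_id(DEFAULT_IDS["SA"]))
    print("root with defaults:", elect_root(DEFAULT_IDS))
    # "root primary" lowers the priority to 24,576 on SC.
    ids = dict(DEFAULT_IDS, SC=encode_bridge_id(24576, 1, "0033.3333.3333"))
    print("root after root primary on SC:", elect_root(ids))
```

The same comparison explains why Root Guard watches for superior BPDUs: any Bridge ID lower than the current root's wins the election, whatever the MAC address.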
Basic STP Configuration:
STP is enabled by default on all Cisco switches for all VLANs and ports.
To disable STP for an entire VLAN:
Switch(config)#no spanning-tree vlan 1
Or a range of VLANs can be specified:
Switch(config)#no spanning-tree vlan 101-210
STP can be disabled on a per-port basis for a specific VLAN:
Switch(config)#int fa0/12
Switch(config-if)#no spanning-tree vlan 1
Priority must be in multiples of 4096 when extended system IDs are enabled:
SwitchA(config)# spanning-tree vlan 1 priority 8192
A switch can be indirectly forced to become the Root Bridge for a specific VLAN:
SwitchA(config)# spanning-tree vlan 1 root primary
Note: The root primary parameter automatically lowers the priority to 24,576.
To designate a secondary/backup root bridge, use root secondary. This increases the likelihood that the
specified switch will succeed as the new root bridge in the event of a failure:
SwitchB(config)# spanning-tree vlan 1 root secondary
The root secondary parameter automatically lowers the switch priority to 28,672.
STP Port Status
As STP converges the switching topology, a switch port progresses through a series
of states:
1. Blocking – Initially a switch port starts in a blocking state. A blocked port won’t
forward frames; it only listens to BPDUs. The purpose of blocking is to prevent loops. All
ports are in the blocking state by default when the switch is powered up. Interfaces do
not learn MAC addresses when in the blocking state.
2. Listening – A port transitions from the blocking to the listening state. A listening port will
not forward frames or learn MAC addresses. It will send and listen for BPDUs to
participate in the election of the Root Bridge, root ports and designated ports. If a listening
port is not elected as a root or designated port, it transitions back to the blocking state.
3. Learning – If a listening port is elected as a root or designated port, it
transitions to the learning state. A port must wait a brief period of time, called the
Forward Delay, before transitioning from listening to learning.
A learning port begins to learn MAC addresses and adds them to the CAM table but doesn’t
forward frames. It continues to send and listen for BPDUs.
4. Forwarding – A learning port transitions to the forwarding state. A forwarding port is
fully functional and will send and listen for BPDUs, learn MAC addresses, and forward
frames. Root and designated ports eventually transition to a forwarding state.
Disabled – A port in the disabled state (administratively) does not participate in
frame forwarding or STP. It is virtually nonoperational.
STP                      RSTP
Disabled (no limit)      Discarding
Blocked (20sec)          Discarding
Listening (15sec)        Discarding
Learning (15sec)         Learning
Forwarding (no limit)    Forwarding
STP Timers
Three timers are crucial to the STP process:
- Hello Timer – How often switches send BPDUs. Default 2 sec.
- Forward Delay Timer – How long a port must wait before transitioning. Default 15 sec.
- Max Age Timer – How long a switch retains BPDUs before discarding them. Default 20 sec.
Timers can be adjusted; they must be changed on the Root Bridge (switch), and the root bridge will propagate
them to all switches.
Switch(config)# spanning-tree vlan 1 hello-time 10
Switch(config)# spanning-tree vlan 1 forward-time 20
Switch(config)# spanning-tree vlan 1 max-age 40
STP Diameters
STP timers are based on the diameter of the switch topology; basically, it is the length measured in
number of switches, including the root bridge. By default, STP assumes a switching diameter of 7,
which is also the max diameter.
Note: A switching topology can contain more than 7 switches. However, each branch of the switch
tree can only extend seven switches deep, with the Root Bridge always on top.
The diameter should be configured on the Root Bridge:
SwitchA(config)# spanning-tree vlan 1 root primary diameter 5
STP Topology Change
Switches exchange two types of BPDUs when building and converging the topology database:
a. Configuration BPDUs – Used to elect the Root Bridge, Root Ports, and Designated Ports.
b. TCN (Topology Change Notification) BPDUs – Sent whenever a change occurs in the topology.
Once the Root Bridge receives the TCN, it sends out configuration BPDUs to all
switches with the topology change (TC) flag set. This ensures that all switches in
the STP topology are informed about the change.
Two types of failure can occur in an STP topology:
1. Direct Failure – If the root port on SB fails, Switch B (SB) considers it a direct failure.
2. Indirect Failure – For SC, it would be considered an indirect failure because the port
is not local to Switch C (SC).
By detecting and reacting to the link failure, STP can take advantage of the redundancy
provided by loops. A link failure can still impact that network segment for a
minimum of 30 seconds.
Improved STP Convergence
Three Cisco proprietary features improve on the 30-second STP convergence:
a. PortFast – Allows a switch port to bypass the usual STP states. Instead, it transitions from
the blocking to the forwarding state immediately. This saves 30 seconds of STP convergence, but the
port still follows the STP process and receives BPDUs.
Note: PortFast should be enabled on ports connected to hosts. If it is enabled on a port connected to a
switch, any loop will result in a broadcast storm.
PortFast is disabled by default. To enable PortFast on a switch port:
SwitchD(config)# int gi1/14
SwitchD(config-if)# spanning-tree portfast
SwitchD(config)# spanning-tree portfast default --- This command enables PortFast for all interfaces.
b. UplinkFast – Allows a blocking port to be held in a standby state. If the root port fails, the
blocking port can immediately transition to a forwarding state. It improves convergence
time for a direct failure in the STP topology.
UplinkFast is disabled by default and must be enabled globally for all VLANs on the switch.
Switch(config)# spanning-tree uplinkfast
Note: UplinkFast is not supported on Root Bridges; it is intended for the furthest
downstream switches in the STP topology.
c. BackboneFast – BackboneFast provides improved convergence if there is an indirect
failure in the STP topology. It allows a switch to bypass the max age timer. BackboneFast is a global
command and should be enabled on every switch.
Switch(config)# spanning-tree backbonefast
Protecting STP
STP is vulnerable to attack for two reasons:
1. STP builds the topology by accepting BPDUs from neighboring switches.
2. The Root Bridge is always determined by the lowest bridge ID.
Cisco implemented 3 mechanisms to protect the STP topology. All 3 mechanisms are configured on a per-port basis and are disabled by
default.
1. Root Guard – Prevents an unauthorized switch from advertising itself as a Root Bridge. If a superior BPDU is received on a
port with Root Guard enabled, the port is placed in a root-inconsistent state. The port can still listen but will not forward.
Switch(config)# interface gi1/14
Switch(config-if)# spanning-tree guard root
To view all ports that have been placed in a root-inconsistent state:
Switch# show spanning-tree inconsistentports
Root Guard recovers automatically as soon as superior BPDUs are no longer received.
2. BPDUGuard – BPDU Guard can be used in conjunction with PortFast to avoid broadcast storms. If the port is connected to a
switch instead of a host, it will place the port in an errdisabled state once a BPDU is received.
BPDU Guard should be enabled on any port with PortFast enabled. It is disabled by default, and can be enabled on a per-interface
basis:
Switch(config)# interface gi1/14
Switch(config-if)# spanning-tree bpduguard enable
If BPDU Guard is enabled globally, it will only apply to PortFast ports:
Switch(config)# spanning-tree portfast bpduguard default
An interface can be manually recovered from an errdisable state by performing a shutdown and then no shutdown:
Switch(config)# interface gi1/14
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
3. BPDUFilter – Prevents BPDUs from being sent out a port, and must be enabled in conjunction
with PortFast. If BPDUs are received on a port with BPDU filtering, the port will react in one of two
ways, depending on how it is configured:
a. If filtering is enabled globally, a received BPDU will disable PortFast on that port.
b. If filtering is enabled per port, a received BPDU is ignored.
If BPDU Filtering is enabled globally, it will only apply to PortFast ports:
Switch(config)# spanning-tree portfast bpdufilter default
To enable BPDU Filtering on a per-interface basis:
Switch(config)# interface gi1/15
Switch(config-if)# spanning-tree bpdufilter enable
Loop Guard
Loop Guard provides a more comprehensive solution: if a blocking port stops receiving BPDUs on a
VLAN, it is moved into a loop-inconsistent state for that VLAN.
A port in a loop-inconsistent state cannot forward traffic for the affected VLAN and is essentially
in a pseudo-errdisable state. However, Loop Guard automatically recovers as soon as BPDUs
are received again.
Loop Guard can be enabled globally:
Switch(config)# spanning-tree loopguard default
Loop Guard can also be enabled on a per-interface basis:
Switch(config)# interface fa0/1
Switch(config-if)# spanning-tree guard loop
Loop Guard should be enabled only on trunk ports or ports that connect to other switches. It
should never be enabled on ports connecting to hosts.
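The placement rules for PortFast, BPDU Guard, BPDU Filter and Loop Guard stated in this section, turned into a check over a running-config excerpt. This is an added example, not code from the original notes; the configuration text is constructed, the function names are hypothetical, and it assumes that `switchport mode access` marks a host port and `switchport mode trunk` a link to another switch.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree mode pvst
!
interface GigabitEthernet1/1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet1/14
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/15
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/16
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet1/17
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
"""


def parse_config(text):
    """Split a config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        match = re.match(r"interface\s+(\S+)", raw)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return (interface, finding) pairs for the rules stated in the notes."""
    global_lines, interfaces = parse_config(text)
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    global_portfast = "spanning-tree portfast default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        trunk = "switchport mode trunk" in lines
        access = "switchport mode access" in lines
        portfast = ("spanning-tree portfast" in lines
                    or (global_portfast and access))
        # The global BPDU Guard default only applies to PortFast ports.
        guarded = ("spanning-tree bpduguard enable" in lines
                   or (global_guard and portfast))
        if portfast and trunk:
            findings.append((name, "PortFast on a trunk port"))
        if portfast and not guarded:
            findings.append((name, "PortFast without BPDU Guard"))
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "per-port BPDU filter ignores received BPDUs"))
        if access and "spanning-tree guard loop" in lines:
            findings.append((name, "Loop Guard on a host port"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```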
IEEE STP                                        Cisco Version STP
Spanning Tree Protocol (802.1D)                 Per-VLAN Spanning Tree Plus (PVST+)
- Original/Standard STP                         - Cisco upgrade to 802.1D
- All VLANs share one STP instance              - Each VLAN has its own STP instance
- Convergence takes up to 50s                   - Can load balance by blocking
                                                  different ports in each VLAN
Rapid Spanning Tree Protocol (802.1w)           Rapid Per-VLAN Spanning Tree Plus (R-PVST+)
- Much faster convergence to                    - Upgrade to 802.1w
  network change compared to 802.1D
- All VLANs share one STP instance              - Each VLAN has its own STP instance
- Cannot load balance and generates a           - Can load balance by blocking
  BPDU every Hello (2sec) as keepalive            different ports in each VLAN
Multiple Spanning Tree Protocol (802.1s)
- Uses modified RSTP mechanics
- Can group multiple VLANs into
  different STP instances to perform
  load balancing
Rapid Spanning Tree Protocol (RSTP)
RSTP is not a timer-based spanning tree algorithm like 802.1D, and it reduces the
convergence time to about 6 seconds. RSTP uses a handshake mechanism which
allows ports to move directly to forwarding. Today STP is obsolete.
The 802.1D Disabled, Blocking, and Learning states are merged into a single 802.1w
Discarding state. RSTP is similar in many respects to STP:
a. BPDUs are forwarded between switches.
b. The Root Bridge is elected based on the lowest Bridge ID.
c. Root and Designated ports are elected and function identically to STP.
RSTP defines four port roles:
• Root Port – Port on each switch that has the best path cost to the Root Bridge. A
switch can only have one Root Port.
• Alternate – Backup Root Port that has a less desirable path cost.
• Designated – The DP represents the best path cost for each network segment to the RB.
• Backup – Backup Designated Port that has a less desirable path cost.
The Blocked Port is split into 2 port roles in RSTP:
Alternate Port – Receives more useful (superior) BPDUs from another bridge and is a
blocked port. It functions as a backup to the root port. If the root port fails, the switch can
immediately move its best alternate port to the forwarding state.
Backup Port – Receives more useful BPDUs from the same bridge it is on and is a
blocked port.
Rapid Spanning Tree operation
802.1D STP supported 5 port states, while RSTP supports 3:
Discarding – A discarding port will not forward frames or learn MAC addresses, and will listen for
BPDUs. Alternate and Backup ports remain in a discarding state.
Learning – RSTP does not need a listening state. A port transitions from discarding to a learning state. A
learning port adds MAC addresses to the CAM table. The port is not forwarding frames yet, but is
populating its MAC address table.
Forwarding – The port is fully operational. Root and Designated ports eventually transition to a
forwarding state. The port will send and listen for BPDUs, learn MAC addresses and forward frames.
In stable classic STP, only the Root Bridge originates BPDUs and the other switches just
forward the BPDUs they receive. However, in rapid STP all switches originate and send
BPDUs from their Designated Ports.
STP features that were built into RSTP:
a. PortFast
b. UplinkFast
c. BackboneFast
RSTP distinguishes between 3 different link types:
Edge – Port that connects to a host. This port behaves exactly like PortFast, transitioning
to a forwarding state immediately.
Note: On Cisco switches, any port configured with PortFast becomes an Edge Port.
Point-to-Point – Ports that connect to another switch, with the potential to become the
designated port for a segment.
Shared – Connection to a hub; must operate in half-duplex mode.
RSTP generates a topology change in two circumstances:
1. When a port transitions into the forwarding state.
2. When a port transitions into the blocking or down state.
In the event of a topology change, RSTP allows alternate or backup ports to
immediately enter a forwarding state. It does not have to wait for an arbitrary max age
timer if there is an indirect failure in the topology.
Basic RSTP Configuration
To enable RPVST+ globally on a switch:
Switch(config)# spanning-tree mode rapid-pvst
To configure an edge port, use the following command:
Switch(config-if)# spanning-tree portfast
To configure an interface explicitly as point-to-point (this is enabled by default in RSTP):
Switch(config-if)# spanning-tree link-type point-to-point
To configure an interface as shared:
Switch(config-if)# spanning-tree link-type shared
Multiple Spanning Tree (MST)
MST allows a group of VLANs to be mapped to an STP instance. Each MST instance builds its own RSTP
topology database, including electing its own Root Bridge. A VLAN can only be assigned to one
instance.
MST further separates the STP topology into regions. All switches in a region must be configured with
identical MST parameters:
- 32-byte configuration name
- 16-bit revision number
- VLAN-to-instance mapping database
If two switches are configured with different MST parameters, they belong to different MST regions. A
region can contain a maximum of 16 MST instances. By default, all VLANs belong to instance 0.
MST Configuration
To enable MST globally on a switch:
Switch(config)# spanning-tree mode mst
Changes to MST parameters must be made from MST configuration mode:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)#
To assign the MST configuration name and revision number:
Switch(config-mst)# name MYMSTNAME
Switch(config-mst)# revision 2
To map VLANs to a specific MST instances:
Switch(config-mst)# instance 2 vlan 1-100
Switch(config-mst)# instance 3 vlan 101-200
To configure a switch as the Root Bridge for MST instance 2:
Switch(config)# spanning-tree mst 2 root primary
EtherChannel
Bandwidth is overly subscribed, leading to network congestion. To resolve network congestion,
additional links were added.
EtherChannel – Grouping multiple interfaces together as a single logical interface.
STP (Spanning Tree Protocol) will treat this multiple-interface link as one single logical
interface. Traffic using the EtherChannel will be load-balanced among the physical
interfaces in the group using an algorithm.
EtherChannels are also referred to as:
a. PortChannel
b. Link Aggregation Group (LAG)
When traffic is passed from a source to a destination, it uses the same physical link,
even though the port channel offers load balancing, to avoid mismatched or out-of-sequence
frames.
In a port channel, you can change the inputs used in the interface selection calculation:
inputs can be source MAC, destination MAC, or both. Other than MAC, you can also
use IP. The default is src-mac.
To change the default method
EtherChannel Methods
There are three methods of EtherChannel configuration on Cisco switches:
1. Port Aggregation Protocol (PAgP) – Cisco proprietary protocol that cannot be used
with other vendors' switches, such as Juniper, Nokia etc. It dynamically negotiates the
creation and maintenance of the EtherChannel.
2. Link Aggregation Control Protocol (LACP) – The industry standard protocol,
802.3ad. It dynamically negotiates the creation and maintenance of the EtherChannel.
It supports multi-vendor products.
3. Static EtherChannel – No protocol is used; instead, interfaces are configured
manually to form the EtherChannel.
Note: A maximum of 8 active ports is supported in a single EtherChannel. It is also
supported on Layer 3 interfaces. LACP supports up to 16, but only 8 will be active at a
time and the other 8 will be in standby mode.
PAgP Configuration
Switch_Access(config)#int range fa0/6-8
Switch_Access(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only ---- For static EtherChannel.
passive Enable LACP only if a LACP device is detected
Switch_Access(config-if-range)#channel-group 1 mode desirable
Switch_Access(config-if-range)#
Creating a port-channel interface Port-channel 1
Note: The following modes on each side are required to form an EtherChannel.
Auto + Auto = No EtherChannel
Desirable + Auto = EtherChannel
Desirable + Desirable = EtherChannel
The channel group has to match for member interfaces on the same switch. However, it doesn’t have to match on the other switch.
Distribution_Switch(config)#int range fa0/1, fa0/3,fa0/4
Distribution_Switch(config-if-range)#channel-group 2 mode desirable
Distribution_Switch(config-if-range)#
Creating a port-channel interface Port-channel 2
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface Port-channel2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up
Distribution_Switch(config-if-range)#
To Validate on both switches [Access_Switch and Distribution_Switch] for PortChannel
LACP Configuration
Switch_Access(config)#int range fa0/6-8
Switch_Access(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only ---- For static EtherChannel.
passive Enable LACP only if a LACP device is detected
Switch_Access(config-if-range)#channel-group 1 mode active
Switch_Access(config-if-range)#
Creating a port-channel interface Port-channel 1
Note: The following modes on each side are required to form an EtherChannel.
Passive + Passive = No EtherChannel
Active + Active = EtherChannel
Active + Passive = EtherChannel
The channel group has to match for member interfaces on the same switch. However, it doesn’t have to match on the other switch.
Distribution_Switch(config)#int range fa0/1, fa0/3,fa0/4
Distribution_Switch(config-if-range)#channel-group 2 mode active
Distribution_Switch(config-if-range)#
Creating a port-channel interface Port-channel 2
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface Port-channel2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up
Distribution_Switch(config-if-range)#
To Validate on both switches [Access_Switch and Distribution_Switch] for PortChannel
Static EtherChannel Configuration
Switch_Access(config)#int range fa0/6-8
Switch_Access(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only ---- For static EtherChannel.
passive Enable LACP only if a LACP device is detected
Switch_Access(config-if-range)#channel-group 1 mode on
Switch_Access(config-if-range)#
Creating a port-channel interface Port-channel 1
Note: On mode only works with On mode.
Distribution_Switch(config)#int range fa0/1, fa0/3,fa0/4
Distribution_Switch(config-if-range)#channel-group 2 mode on
Distribution_Switch(config-if-range)#
Creating a port-channel interface Port-channel 2
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface Port-channel2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up
Distribution_Switch(config-if-range)#
To Validate on both switches [Access_Switch and Distribution_Switch] for PortChannel
Changes made to the logical port channel interface are applied to all physical ports in
the channel-group
Switch_Access(config)#int port-channel 1
Switch_Access(config-if)#switchport mode trunk
Before Change
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 channel-group 1 mode desirable
!
interface FastEthernet0/7
 channel-group 1 mode desirable
!
interface FastEthernet0/8
 channel-group 1 mode desirable
!
After Change
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/7
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/8
 switchport mode trunk
 channel-group 1 mode desirable
!
Member interface settings must be identical:
1. Duplex settings
2. Speed settings
3. STP settings
4. VLAN membership (for access ports)
5. Allowed VLAN (for trunk ports)
6. Trunking encapsulation protocol (for trunk ports)
If an interface’s configuration does not match the others, it will be excluded from the
EtherChannel.
Switch_Access#sh etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)       PAgP        Fa0/6(P) Fa0/7(P) Fa0/8(P)
Switch_Access#
To configure port-channel as Layer 3 Interface
ASW1(config)#int ra g1/0/1-2
ASW1(config-if-range)#no switchport
ASW1(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to up
ASW1(config-if-range)#channel-group 1 mode active
ASW1(config-if-range)#
Creating a port-channel interface Port-channel 1
ASW1(config-if-range)#
Layer 3 Interface Configuration
ASW1(config-if-range)#int po1
ASW1(config-if)#ip address [Link] [Link]

ASW2(config)#int r g1/0/1-2
ASW2(config-if-range)#no switchport
ASW2(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to up
ASW2(config-if-range)#channel-group 2 mode active
ASW2(config-if-range)#
Creating a port-channel interface Port-channel 2
%LINK-5-CHANGED: Interface Port-channel2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up
Layer 3 Interface Configuration
ASW2(config-if-range)#int Po2
ASW2(config-if)#ip address [Link] [Link]